Forums » Comcast to Block Port 25? » Killing a fly with a jackhammer


sonofjay
Mission Accomplished - Bush May 1, 2003
Premium,MVM
join:2001-05-14
North Attleboro, MA
Killing a fly with a jackhammer

Hope it works!

kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH


1 edit
What isn't mentioned in the BBR article but is mentioned in the Comcast forum and a CNet article, is that Comcast plans on targeting the blocks toward subscribers that are sending out spam, rather than foisting the blocks on everyone. This way it won't affect the majority of subscribers. After all, there are probably more people out there who legitimately use 3rd party SMTP servers, which would be negatively affected by such a block than there are spamming zombies.
--
Robert Tappan Morris, Jr., got six months in jail for crashing 10% of the computers that Bill Gates made $100 million crashing last weekend.


Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA

reply to sonofjay
said by sonofjay:
Killing a fly with a jackhammer
Um, the enormous volume of spam coming from Comcast hardly qualifies as "a fly"
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site


sonofjay
Mission Accomplished - Bush May 1, 2003
Premium,MVM
join:2001-05-14
North Attleboro, MA
·Vonage
·Earthlink Cable Mo..


1 edit
said by Steve:
Um, the enormous volume of spam coming from Comcast hardly qualifies as "a fly"

True, but this is simply treating the symptom and not the problem itself. And how long will it really be before a virus is written to use a different port? What will they do then, block all ports?
--
The war is over??


Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA

said by sonofjay:
And how long will it really be before a virus is written to use a different port?
They won't: as long as 25/tcp is the only port that recipient mailservers listen on, blocking that outbound port stops the spam once and for all.

I don't care if Comcast customers are infected, I just care that the spam stops.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site


Zshen

join:2002-06-10
West Des Moines, IA
clubs:


1 edit
reply to sonofjay
It's about time they do something. It's obvious they don't pay attention to any spam/abuse reports since I'm still getting hammered 6 months later from the same compromised open relay computer.
--
"The most overlooked advantage of owning a computer is that if they foul up there's no law against whacking them around a bit."

DonLibes
Premium,ExMod 2001
join:2003-01-19

reply to kpatz
said by kpatz:
What isn't mentioned in the BBR article but is mentioned in the Comcast forum and a CNet article, is that Comcast plans on targeting the blocks toward subscribers that are sending out spam, rather than foisting the blocks on everyone.
How does Comcast's proposed implementation only target subscribers sending out spam? I need to use my employer's SMTP server (Comcast's SMTP server has too many limits on outbound mail plus it's much lower reliability, has long latency, etc.) So would I still be able to use my employer's SMTP server? How would Comcast differentiate?


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
·Shaw

reply to sonofjay
While this will help as there are lots of open email servers out there, it will not stop spam, as sonofjay is correct that other ports are used to bounce spam (559 and 65506 are two very common virus-installed proxies and I would bet filtering those two ports would have more of an effect than filtering port 25).

The only solution is to go after the infected systems and spam servers spewing out this junk, but right now I'm happy to see someone trying something to help.

Blake
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel

kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH

reply to DonLibes
said by DonLibes:
How does Comcast's proposed implementation only target subscribers sending out spam? I need to use my employer's SMTP server (Comcast's SMTP server has too many limits on outbound mail plus it's much lower reliability, has long latency, etc.) So would I still be able to use my employer's SMTP server? How would Comcast differentiate?
I presume they would go by Spamhaus etc. reports and/or abuse complaints, and just block those who are known to have sent large amounts of spam.

Sending legitimate mail to a legitimate 3rd-party server shouldn't get their attention.
--
Robert Tappan Morris, Jr., got six months in jail for crashing 10% of the computers that Bill Gates made $100 million crashing last weekend.


Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA

reply to Link Logger
Huh?

Blocking inbound 25/tcp to Comcast subscribers would have the effect you suggest - use a different proxy port - but I believe we're talking about blocking outbound 25/tcp. This will stop all email coming from these infected machines.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site


nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
·Cox HSI
·Speakeasy

reply to sonofjay
said by sonofjay:
said by Steve:
Um, the enormous volume of spam coming from Comcast hardly qualifies as "a fly"

True, but this is simply treating the symptom and not the problem itself. And how long will it really be before a virus is written to use a different port? What will they do then, block all ports?

That's a REALLY naive argument. You assume two things: that all SMTP service providers will provide alternate port service on the same alternate port and that there's no authentication required on that alternate port.

Unless every ISP sets up to listen on the same port, how is the virus going to know what port to connect to? Port-scan every MX host? That will just end up auto-blacklisting the scanning host - defeating the purpose of the virus. Granted, there is an RFC stipulated alternate port, the MSA port, 587, that viruses could try to go against, but doing so is problematic, as well. Mail services that bother to set up SMTP on alternate ports typically require authentication to pass traffic. Without authentication credentials, those viruses that are written to use alternate ports aren't really going to go anywhere.

-tom
--
"There are 10 types of people in the world... those who understand binary and those who don't."
"That's only 2 types of people, moron"


nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
·Cox HSI
·Speakeasy

reply to Link Logger
said by Link Logger:
While this will help as there are lots of open email servers out there, it will not stop spam, as sonofjay is correct that other ports are used to bounce spam (559 and 65506 are two very common virus-installed proxies and I would bet filtering those two ports would have more of an effect than filtering port 25).

The only solution is to go after the infected systems and spam servers spewing out this junk, but right now I'm happy to see someone trying something to help.
Your argument makes no sense. It doesn't matter where a proxy listens. If it's trying to reach an SMTP system outside of a blocked network, then blocking port 25 outbound is STILL going to destroy the effectiveness of that proxy.

-tom
--
"There are 10 types of people in the world... those who understand binary and those who don't."
"That's only 2 types of people, moron"


djtim21
It's all good
Premium
join:2003-12-22
Buffalo Grove, IL
clubs:
reply to DonLibes
Why don't you use a VPN and solve your problem?


alien9999999
Your Head Looks Nice
Premium
join:2002-05-21
B-3000

reply to Steve
It's more "killing billions of flies with a bunch of jackhammers"

Furthermore, even if every ISP blocks the port, it won't mean spam would be ended, but it would mean that every spam would be perfectly traceable and suable (hopefully) and that spammers would have no place to run anymore...

...effectively ending 90% of all spam.
--
Alien is my name and headbiting is my game.

jester121

join:2003-08-09
Lake Zurich, IL
·surpasshosting
·ViaTalk

reply to DonLibes
Your employer can (and should) set up an alternate port for you to use, preferably with SMTP-Auth, and you'll have no problems.

I've listened to this debate for months and NO ONE has come up with a convincing argument for permitting outbound port 25 from an ISP's subscriber block. The workarounds are too easy, the benefits too monumental, and the drawbacks are nil.

If people want to run their own SMTP server, pony up the money and pay for an account that supports it.

I'll be curious to see how SPF manages to cause headaches, assuming it ever gets widespread acceptance. If companies don't adopt the alternate port approach, they're going to have a ton of extra work.
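
The arguments made so far in the thread (an outbound 25/tcp block applies wherever a proxy listens, the 587 submission port needs credentials, and a targeted block leaves other subscribers alone) can be checked against a small model. This is an added example, not part of any post; the subscriber names, flow records and outcome labels are constructed, and it assumes the MSA port requires SMTP-Auth.

```python
# Added example (not from the thread): constructed flows through a modelled
# outbound 25/tcp block. Subscriber names and outcome labels are hypothetical.
SMTP, SUBMISSION = 25, 587

# Constructed records: subscriber, direction, port, authenticated?, note
FLOWS = """\
sub-A in  65506 -   spammer connects to a virus-installed proxy
sub-A out 25    -   proxy or zombie delivers to a recipient MX
sub-A out 587   no  zombie tries the MSA port without credentials
sub-B out 25    -   mail client sends via employer server on port 25
sub-B out 587   yes mail client submits to employer server with SMTP-Auth
"""

def parse(text):
    """Yield (subscriber, direction, port, authenticated) per flow line."""
    for line in text.splitlines():
        sub, direction, port, auth, _note = line.split(None, 4)
        yield sub, direction, int(port), auth == "yes"

def outcome(sub, direction, port, authed, blocked):
    """Apply the ISP egress rule, then the submission server's auth check."""
    if direction != "out":
        return "not-filtered"          # inbound proxy traffic is out of scope
    if port == SMTP and sub in blocked:
        return "dropped-by-isp"        # the outbound 25/tcp block
    if port == SUBMISSION and not authed:
        return "rejected-by-server"    # assumes the MSA port requires auth
    return "delivered"

def evaluate(text, blocked):
    """Return one outcome per flow, given the set of blocked subscribers."""
    return [outcome(*flow, blocked) for flow in parse(text)]

if __name__ == "__main__":
    for label, blocked in (("targeted", {"sub-A"}),
                           ("blanket", {"sub-A", "sub-B"})):
        print(label, evaluate(FLOWS, blocked))
```

Under the blanket policy only sub-B's port 25 flow changes outcome; the authenticated 587 submission is delivered either way.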


N10Cities
SILENCE I Keel You
Premium
join:2002-05-07
Roland, OK
clubs:
·Cox HSI
·World Lynx

reply to DonLibes
said by DonLibes:
said by kpatz:
What isn't mentioned in the BBR article but is mentioned in the Comcast forum and a CNet article, is that Comcast plans on targeting the blocks toward subscribers that are sending out spam, rather than foisting the blocks on everyone.
How does Comcast's proposed implementation only target subscribers sending out spam? I need to use my employer's SMTP server (Comcast's SMTP server has too many limits on outbound mail plus it's much lower reliability, has long latency, etc.) So would I still be able to use my employer's SMTP server? How would Comcast differentiate?

There was an article somewhere (I can't remember the link, but it was on C-NET), that said they can go into the customer's modem and block the port there once a known spam machine is identified.

pvera

join:2001-12-01
Reston, VA
reply to Steve
More like a swarm of Cicadas!


Brazbit
Randomness Personified
Premium
join:2003-10-22
Port Orchard, WA
·wavebroadband

reply to kpatz
said by kpatz:
What isn't mentioned in the BBR article but is mentioned in the Comcast forum and a CNet article, is that Comcast plans on targeting the blocks toward subscribers that are sending out spam, rather than foisting the blocks on everyone. This way it won't affect the majority of subscribers. After all, there are probably more people out there who legitimately use 3rd party SMTP servers, which would be negatively affected by such a block than there are spamming zombies.

Didn't they say that in the last lines of the BBR article?

"With a "targeted" approach, Comcast likely plans to block port 25/tcp traffic for only the most egregious offenders. We'll soon see if that's going to be enough."

kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH

said by Brazbit:
Didn't they say that in the last lines of the BBR article?
Not when it was first posted, unless I overlooked it.
--
Robert Tappan Morris, Jr., got six months in jail for crashing 10% of the computers that Bill Gates made $100 million crashing last weekend.

russotto

join:2000-10-05
Collegeville, PA

reply to jester121
said by jester121:
I've listened to this debate for months and NO ONE has come up with a convincing argument for permitting outbound port 25 from an ISP's subscriber block. The workarounds are too easy, the benefits too monumental, and the drawbacks are nil.

The "workarounds" depend on having a machine with a first-class internet account. If you've seen no convincing arguments, it's because you won't accept any arguments.